Forum Discussion

Sahitya95
Jul 20, 2020

Azure AD service Principal Audit

I have a requirement for a service principal audit to detect whether there is an inactive owner or an expired key/service principal within Azure.

The remediation of that resource will execute as follows:
a. Service Principal Status
   1. Detect if the service principal is inactive
   2. Detect an inactive owner (utilizing the API)
   3. (Future remediation) If there are multiple owners on a service principal, remove the inactive owner
   ii. Key credentials
   1. Detect if the service principal key is expired
   2. (Future remediation) Delete the expired key
b. Generate a report of active/inactive service principals within the tenant that is output to a Teams channel or as an email report.

>> I am trying the commands below to get a list of all service principals along with the expiration date, but I also need the owner details.

# Requires the AzureAD module and an existing Connect-AzureAD session.
# -All $true already returns the full application objects, so there is no need
# to select the ObjectId and fetch each application a second time.
$apps = Get-AzureADApplication -All $true

foreach ($app in $apps) {
    $app.DisplayName
    # PasswordCredentials are client secrets; certificates live in KeyCredentials
    # and are not listed here.
    $app.PasswordCredentials | Format-List EndDate
    Write-Host ""
}

Can anyone help me with the above requirement?
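An added example, not code from the original post or its author, that covers what the question asks for: it walks every app registration with the AzureAD module, lists each owner together with whether the owner's account is enabled, and classifies every client secret and certificate as expired, expiring soon or valid, producing a CSV that can feed an e-mail or Teams report. It assumes an existing Connect-AzureAD session with permission to read applications and directory objects. Because these cmdlets expose no sign-in activity for owners or principals, "inactive owner" is approximated as an owner whose user account is disabled; the 30-day warning window, the output file name and the column names are my own choices.

```powershell
# Added example, not from the original post. Assumes Connect-AzureAD has already
# been run with permission to read applications and directory objects.
# "Inactive owner" is approximated as an owner user whose account is disabled:
# the AzureAD cmdlets used here expose no sign-in activity for owners or principals.
$ExpiringWithinDays = 30                       # assumed threshold for "expiring soon"
$now  = [DateTime]::UtcNow                     # credential EndDate values are UTC
$soon = $now.AddDays($ExpiringWithinDays)
$report = New-Object System.Collections.Generic.List[object]

# -All $true pages through every application; each object already carries its
# PasswordCredentials (client secrets) and KeyCredentials (certificates), so no
# per-object re-fetch is needed.
foreach ($app in Get-AzureADApplication -All $true) {

    # Owners come back as directory objects; only user owners have AccountEnabled.
    $owners = @(Get-AzureADApplicationOwner -ObjectId $app.ObjectId -All $true)
    $disabledOwners = @($owners | Where-Object { $_.ObjectType -eq 'User' -and -not $_.AccountEnabled })
    $ownerSummary = foreach ($o in $owners) {
        $name  = if ($o.UserPrincipalName) { $o.UserPrincipalName } else { $o.DisplayName }
        $state = if ($o.ObjectType -ne 'User') { $o.ObjectType }
                 elseif ($o.AccountEnabled)    { 'enabled' }
                 else                          { 'DISABLED' }
        '{0} ({1})' -f $name, $state
    }

    # Flatten both credential types into one list so they are classified the same way.
    $creds = @($app.PasswordCredentials | ForEach-Object {
                 [PSCustomObject]@{ Type = 'Secret';      KeyId = $_.KeyId; EndDate = $_.EndDate } }) +
             @($app.KeyCredentials      | ForEach-Object {
                 [PSCustomObject]@{ Type = 'Certificate'; KeyId = $_.KeyId; EndDate = $_.EndDate } })
    if ($creds.Count -eq 0) {
        # Keep credential-less apps in the report: they cannot authenticate, which is
        # itself a sign that the registration may be abandoned.
        $creds = @([PSCustomObject]@{ Type = 'None'; KeyId = $null; EndDate = $null })
    }

    foreach ($c in $creds) {
        $status = if ($c.Type -eq 'None')       { 'NoCredential' }
                  elseif ($null -eq $c.EndDate) { 'UnknownExpiry' }
                  elseif ($c.EndDate -lt $now)  { 'Expired' }
                  elseif ($c.EndDate -lt $soon) { 'ExpiringSoon' }
                  else                          { 'Valid' }

        $report.Add([PSCustomObject]@{
            DisplayName      = $app.DisplayName
            AppId            = $app.AppId
            ObjectId         = $app.ObjectId
            CredentialType   = $c.Type
            KeyId            = $c.KeyId
            EndDate          = $c.EndDate
            CredentialStatus = $status
            OwnerCount       = $owners.Count
            DisabledOwners   = $disabledOwners.Count
            Owners           = ($ownerSummary -join '; ')
        })
    }
}

# Full inventory for the e-mail/Teams step, plus a console view of what needs action:
# expired credentials, disabled owners, or no owner at all.
$report | Sort-Object CredentialStatus, EndDate |
    Export-Csv -Path .\ServicePrincipalAudit.csv -NoTypeInformation
$report | Where-Object { $_.CredentialStatus -eq 'Expired' -or $_.DisabledOwners -gt 0 -or $_.OwnerCount -eq 0 } |
    Format-Table DisplayName, CredentialType, CredentialStatus, EndDate, Owners -AutoSize
```

Application objects hold the secrets and certificates shown under App registrations in the portal, which is what the original snippet walked. Service principal objects can carry credentials of their own, so a complete audit repeats the same loop over Get-AzureADServicePrincipal -All $true using Get-AzureADServicePrincipalOwner, Get-AzureADServicePrincipalKeyCredential and Get-AzureADServicePrincipalPasswordCredential. The AzureAD module has since been deprecated in favour of the Microsoft Graph PowerShell SDK, where the corresponding cmdlets are Get-MgApplication, Get-MgApplicationOwner and Get-MgServicePrincipal.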

  • Sahitya95 I would use Logic Apps for this. I've sent you a DM with additional questions. I think a lot of organizations have the same need, so let's see if I can build such a flow and make a step-by-step tutorial on this.
